package com.lhc.config;

import com.lhc.diy.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Component;

/**
 * @Author lhc
 * @Date 2020-09-24 14:39
 **/
@Component
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired private MyUserDetailsService myUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
            .and()
            .authorizeRequests()
//            .antMatchers("/oauth/**").permitAll()
            .antMatchers("/api/test1").hasAuthority("p1")
            .antMatchers("/api/test2").hasAuthority("p2")
//            .antMatchers("/api/**").fullyAuthenticated()   //所有的 api开头请求必须认证通过
            .anyRequest().fullyAuthenticated()
            .and().logout().permitAll()
            .and().cors()
            .and().csrf()
            .disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(myUserDetailsService);
    }
}